Algorithms, Digital Signatures, and Pragmatics Cryptography Algorithms, Digital Signatures, and Pragmatics Frequently, presenters must deliver material of a technical nature to an audience unfamiliar with the topic or vocabulary. The material may be complex or heavy with detail. To present technical material effectively, use the following guidelines from Dale Carnegie Training®. Consider the amount of time available and prepare to organize your material. Narrow your topic. Divide your presentation into clear segments. Follow a logical progression. Maintain your focus throughout. Close the presentation with a summary, repetition of the key steps, or a logical conclusion. Keep your audience in mind at all times. For example, be sure data is clear and information is relevant. Keep the level of detail and vocabulary appropriate for the audience. Use visuals to support key points or steps. Keep alert to the needs of your listeners, and you will have a more receptive audience. Arun A Tharuvai CSC8530 November 25, 2003
Introduction Cryptographic Algorithms Digital Signatures Cryptography Pragmatics In your opening, establish the relevancy of the topic to the audience. Give a brief preview of the presentation and establish value for the listeners. Take into account your audience’s interest and expertise in the topic when choosing your vocabulary, examples, and illustrations. Focus on the importance of the topic to your audience, and you will have more attentive listeners.
Cryptographic Algorithms Convert plaintext message M to ciphertext {M}K using an encryption algorithm E, and a key K E(K,M) = {M} K Secrecy should lie in the key, not the algorithm If you have several points, steps, or key ideas use multiple slides. Determine if your audience is to understand a new idea, learn a process, or receive greater depth to a familiar concept. Back up each point with adequate explanation. As appropriate, supplement your presentation with technical support data in hard copy or on disc, e-mail, or the Internet. Develop each point adequately to communicate with your audience.
Cryptographic Algorithms Symmetric Algorithms (Secret key) Same key is used for encryption and decryption, and shared by both parties Asymmetric Algorithms (Public key) A public key, used by anyone for encryption A corresponding private key is used for decryption.
Cryptographic Algorithms Block Ciphers Operate on fixed-size blocks of data. 64 bits is a common size. Useful for non-realtime data, including email and data. Stream Ciphers Operate on single bits of data. A stream of bits is used by a function known as a keystream generator. In practice very similar to block ciphers. CBC mode Each plain text block is combined with the preceding ciphertext block using XOR before it is encrypted Prevents similar blocks from encrypting to the same result.
Design Techniques Confusion Diffusion Use of reversible mathematical operations like XOR and bitshifting to combine each block of plaintext with a key Diffusion Use of techniques like transposing portions of each plaintext to reduce regular patterns in plaintext
Secret-key Algorithms TEA DES IDEA AES (Rijndael)
DES Data Encryption Standard Designed to be fast in hardware and slow in software. 56-bit key is used to encrypt 64 bit blocks Bit permutation, combined with 16 rounds of performing the XOR operation with different 48-bit subsets of the key. Chosen in 1977. In 1998, the EFF showed that it was possible to build a machine to crack DES keys in < 3 days for under $250,000, including design costs. Triple DES (3DES) – applies DES three times using 2 keys, as follows: E3DES(K1,K2,M) = EDES (K1,DDES (K2,EDES (K1,M))) and is effectively as strong as a 112-bit private key. However, it’s very slow.
Public-key Algorithms RSA Diffie-Helman El-Gamal Elliptic curve algorithms
RSA Most widely used public key encryption standard. Based upon the difficulty of factoring the product of two very large numbers. To generate a key-pair Choose two large prime numbers, P and Q. N = P * Q Z = (P-1)* (Q-1) d is any number relatively prime to Z. e is a number, such that e*d = 1 mod Z The encryption key is e,N and the decryption key is the pair d,N To encrypt plaintext M, E(e,N,M) = Me mod N To decrypt ciphertext c, D(d,N,C) = cd mod N
Hybrid Protocols SSL/TLS SSH PGP/GPG Negotiable encryption and authentication algorithms. SSH PGP/GPG Uses RSA to encrypt a secret key which is then used for encrypting a document via IDEA, or 3DES
Properties of Digital Signatures Authentic Unforgeable Non-repudiable
Digital Signatures Digital Signing Digest Functions
Public Key Signatures A computes a digest of M, H(M), and encrypts it with his private key. A then sends it along with M to B B then uses A’s K_pub to decrypt
Secret Key signatures Useful when two participants have already agreed upon shared key via a different channel, or public key cryptography. A concatenates M with K, and computes the digest, H(M+K) = h, sending M,h B concatenates M with K, H(M+K) = h’ comparing with h. If they’re equal the message was sent by someone with K.
Secure digest Functions – properties Ease of computing hash Difficulty of generating message from hash Difficulty of finding another message that maps to the same hash value
Secure Digest Functions MD5 SHA Symmetric algorithm using CBC
Secure Digest Functions Birthday attack I am writing {this memo | } to { demand | request | unform you} that {Fred | Mr. Fred Jones} {must | } be { fired | terminated} {at once | immediately}. As the {July 11| 11 July} {memo| memorandum} {from | issued by} {personnel| human resources} states, to meet {our | the corporate} {quarterly | third quarter} budget {targets | goals}, {we must eliminate all discretionary spending | all discretionary spending must be eliminated.} {Despite | Ignoring } that {memo | memorandum | order }, Fred { ordered | purchased } {PostIts | nonessential supplies} in a flagrant disregard for the company’s {budgetary crisis | current financial difficulties}.
Certificate standards, Authorities X.509 SPKI
Cryptography Pragmatics Performance Legal Issues Key sizes and speed
Cryptographic Performance Key/hash size Speed (kb/s) Secret TEA 128 700 DES 56 350 3DES 112 120 IDEA Public RSA 512 7 2048 1 Message Digest MD5 1740 SHA 160 750
Legal and Political Issues Until recently, there were severe restrictions on cryptography, especially export controls, including teaching of such knowledge to foreign nationals in the US. The FBI and NSA wanted restrictions for ease of decrypting both foreign and domestic communications. Algorithms approved for export were limited to 40-bit encryption. Easily breakable with modern technology. Proposals in the mid-90s called for mandatory key-recovery for products exported, and even those used internally. Currently, export controls now only exist on the T-7 countries. As of 2000, Cryptographic source code can be exported as long as copies are sent to the Bureau of Industry and Security of Commerce department.
Conclusion The end Determine the best close for your audience and your presentation. Close with a summary; offer options; recommend a strategy; suggest a plan; set a goal. Keep your focus throughout your presentation, and you will more likely achieve your purpose.
References Charlie Kaufman, Radia Perlman, Mike Speciner, Network Security: Private Communication in a Public World, Prentice Hall, Inc, Upper Saddle River, New Jersey, 1995 505pp. Schneier, B., Applied Cryptography, 2nd ed., John Wiley & Sons, New York, 1996, 675 pp. Electric Frontier Foundation, Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, O’Reilly & Associates, Sevastopol, California, 1998, online at http://cryptome.org/cracking-des.htm George Coulouris, Jean Dollimore, Tim Kindberg, Distributed Systems: Concepts and Design 3rd ed, Addison-Wesley, New York, 2001, pp 272-291.